A special syslog daemon on a send node, wherein the send node is connected to a receive node by a one-way data link, the special syslog daemon configured to receive a syslog message from a syslog sender, insert a portion of ip information of the syslog sender in the body of the received syslog message and route the resulting syslog message to the one-way data link so that the resulting syslog message can be sent through the one-way data link to a syslog receiver communicatively coupled to the receive node. The present invention resolves the potential conflict between syslog and one-way data transfer applications that are configured to remove ip information from data prior to its passage through a one-way data link, thereby leading to a further enhancement of network security through their combination.
|
7. A method of transmitting a syslog message from a syslog sender to a syslog receiver through a one-way data link, comprising the steps of:
receiving a first syslog message from the syslog sender, the first syslog message comprising a header portion including ip information for identifying the syslog sender and a data portion;
extracting the ip information of the syslog sender from the header portion of the received first syslog message;
inserting the extracted ip information of the syslog sender in the data portion of the received first syslog message, thereby generating a second syslog message;
removing the header portion from the second syslog message, thereby generating a third syslog message; and
sending the third syslog message to the syslog receiver through the one-way data link.
5. A machine readable medium having instructions stored on a send node for sending a syslog message to a receive node through a one-way data link, the instructions, when executed by the send node, causing the send node to:
receive a first syslog message from a syslog sender, the first syslog message comprising a header portion including ip information for identifying the syslog sender and a data portion;
extract the ip information of the syslog sender from the header portion of the received first syslog message;
insert the extracted ip information of the syslog sender in the data portion of the received first syslog message, thereby generating a second syslog message;
remove the header portion from the second syslog message, thereby generating a third syslog message; and
send the third syslog message to the receive node through the one-way data link.
1. A send node for sending a syslog message to a receive node through a one-way data link, comprising:
a udp socket for receiving a first syslog message from a syslog sender, the first syslog message comprising a header portion including ip information for identifying the syslog sender and a data portion;
a syslog daemon for extracting the ip information of the syslog sender from the header portion of the received first syslog message, and inserting the extracted ip information of the syslog sender in the data portion of the received first syslog message, thereby generating a second syslog message, wherein the udp socket is further configured to remove the header portion from the second syslog message generated by the syslog daemon, thereby generating a third syslog message; and
an interface to the one-way data link for sending the third syslog message to the receive node through the one-way data link.
3. A one-way data transfer system, comprising:
a syslog sender for generating a first syslog message, the first syslog message comprising a header portion including ip information for identifying the syslog sender and a data portion;
a send node comprising (1) a udp socket for receiving the first syslog message from the syslog sender, and (2) a syslog daemon for extracting the ip information of the syslog sender from the header portion of the first syslog message and inserting the extracted ip information of the syslog sender in the data portion of the first syslog message, thereby generating a second syslog message, wherein the udp socket is further configured to remove the header portion from the second syslog message generated by the syslog daemon, thereby generating a third syslog message; and
a one-way data link for unidirectional transfer of the third syslog message from the send node to a receive node.
2. The send node of
4. The one-way data transfer system of
6. The machine readable medium of
8. The method of
9. The one-way data transfer system of
10. The method of
|
|||||||||||||||||||||||||||
The present invention relates generally to unidirectional data transfer. More particularly, the present invention relates to transmission of syslog messages over a one-way data link.
Protection of a computer or data network from undesired and unauthorized data disclosure, interception or alteration has been a perennial concern in the field of computer and network security. For example, firewall and anti-spyware software have been developed to address security concerns for computers and networks connected to the Internet and to protect them from possible cyberattacks such as Trojan horse-type viruses or worms that may trigger undesired and unauthorized data disclosure by these computers and networks. However, for high security computer networks such as those used by government agencies and intelligence communities and certain commercial applications, conventional network security devices such as firewalls may not provide sufficiently reliable protection from undesired data disclosure.
Alternative network security methods and devices based on unidirectional data transfer have been devised to address the network security concern. For example, U.S. Pat. No. 5,703,562 to Nilsen (“the '562 Patent”), the contents of which are hereby incorporated by reference in its entirety, provides an alternative way to address the network security concern. The '562 Patent discloses a method of transferring data from an unsecured computer to a secured computer over a one-way optical data link comprising an optical transmitter on the sending side and an optical receiver on the receiving side. By providing such an inherently unidirectional data link to a computer/data network to be protected, one can eliminate any possibility of unintended data leakage out of the computer/data network over the same link.
One-way data transfer systems based on such one-way data links provide network security to data networks by isolating the networks from potential security breaches (i.e., undesired and unauthorized data flow out of the secure network) while still allowing them to import data from the external source in a controlled fashion.
This configuration physically enforces one-way data transfer at both ends of the optical fiber connecting the Send Node 101 to the Receive Node 102, thereby creating a truly unidirectional one-way data link between the source network 104 and the destination network 105 shown in
The modern network communications involve various data types, such as files, e-mails, Web contents, real-time audio/video data streams, etc., and also various data transport protocols, such as the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP). TCP has been known for its reliability and therefore considered suitable for transporting files and e-mails. UDP, on the other hand, has typically been used for transporting time-sensitive data streams, such as real-time audio/video data streams and also for transporting syslog messages.
Syslog is a standard for sending system log messages (“syslog messages”) via UDP in an IP network. Syslog messages comprise small textual messages from a syslog sender to a syslog receiver (also called syslog daemon, or syslog server), typically in cleartext, and may be configured to report activities at specific addresses in a network. A syslog receiver (syslog daemon) on the hosting platform is responsible for adding to the syslog message received from a syslog sender the IP address or hostname of the syslog sender and writing the result to a local syslog message file. The IP address or hostname of the originating syslog sender is a portion of IP information and may be found in the IP information area of the received syslog message. Syslog messages can be of particular importance in ensuring network security, as the activities of network intruders can be traced by syslog records and irregularities they generate in syslog files. Accordingly, syslog is frequently used as a tool for computer system management, network security auditing, and diagnostic functions. Syslog is supported by a wide array of platforms based on Unix-based operating systems, such as Solaris, Ultrix, AIX, HP-UX and Linux.
Because of many advantages syslog provides for network security and management, it is often desirable and necessary to implement syslog in a one-way data transfer system based on a one-way data link. Thus, it is an object of the present invention to handle transmission of syslog messages across a one-way data link.
Other objects and advantages of the present invention will become apparent from the following description.
The above and related objects, features and advantages of the present invention will be more fully understood by reference to the following, detailed description of the preferred, albeit illustrative, embodiment of the present invention when taken in conjunction with the accompanying figures, wherein:
It has now been found that the above and related objects of the present invention are obtained in the form of several related aspects.
More particularly, the present invention relates to a special syslog daemon on a send node, wherein the send node is connected to a receive node by a one-way data link, the special syslog daemon comprising a port for receiving a syslog message from a syslog sender, and a processor for inserting a portion of IP information of the syslog sender in the body of the received syslog message and routing the resulting syslog message to the one-way data link so that the resulting syslog message can be sent through the one-way data link to a syslog receiver communicatively coupled to the receive node.
The present invention is also directed to a one-way data transfer system, comprising a send node communicatively coupled to one or more source platforms, a receive node communicatively coupled to one or more destination platforms, a one-way data link interconnecting the send node and the receive node for unidirectional transfer from the send node to the receive node, and a special syslog daemon on the send node for receiving a syslog message from a syslog sender on one of the source platforms, inserting a portion of IP information of the syslog sender in the body of the received syslog message, and routing the resulting syslog message to the one-way data link so that the resulting syslog message can be transferred to a syslog receiver on one of the destination platforms.
Furthermore, the present invention also relates to a machine readable medium having instructions stored on a send node, the instructions, when executed by the send node, causing the send node to receive a syslog message from a syslog sender, insert a portion of IP information of the syslog sender in the body of the received syslog message, and send the resulting syslog message to the receive node through a one-way data link to be transmitted to a syslog receiver, wherein the send node is connected to the receive node by the one-way data link, the syslog sender is communicatively coupled to the send node, and the syslog receiver is communicatively coupled to the receive node.
In addition, the present invention is also directed to a method of transmitting a syslog message from a syslog sender to a syslog receiver through a one-way data link, comprising the steps of receiving the syslog message from the syslog sender, inserting a portion of IP information of the syslog sender in the body of the received syslog message, and sending the resulting syslog message to the syslog receiver through the one-way data link.
UDP-based one-way transfer systems based on a one-way data link such as the one illustrated in
Such prohibition on transmission of a raw UDP datagram across a one-way data link may conflict with implementation of syslog message transmission in a one-way data transfer system, as the raw UDP datagram contains the necessary information (an IP address or a hostname included in IP information) for a syslog receiver to process. Since, as noted above, the purpose of syslog's diagnostic function is to track the activities occurring at a specific address in a network, syslog messages may need to indicate the necessary portion of the IP information, such as IP address or hostname, relating to the originating machines on the send side to do its proper function. The present invention resolves this potential conflict and allows a syslog receiver on the receive side of a one-way data link to properly process the syslog messages transmitted from the send side through the one-way data link, even when the UDP-based one-way data transfer system is configured to prohibit transfer of a raw UDP datagram or IP information across the one-way data link.
One exemplary embodiment of the present invention may be implemented in the UDP-based data transfer system 200 illustrated in
The send node 208 may be configured to further remove the IP information or header from the resulting syslog message. Despite the removal of the IP information from the message, the corresponding IP address or hostname of the syslog sender has now been embedded in the body of the syslog message. The send node 208 then transfers the resulting syslog message to the one-way data link 211 via the send node interface 210. The receive node 212 receives the syslog message from the one-way data link 211 via the receive node interface 213 and the UDP port or proxy application 214 associated with the receive node 212 then routes it to the intended syslog receiver 216-218 residing in one of the destination platforms 219-221 via the destination network 215.
When the syslog receiver 216-218 on the destination platform 219-221 finally receives the syslog message, it would only know that the syslog message came through the receive node 212 by detecting its IP information. As the IP information of the original syslog sender 204-206 on the source platform 201-203 had been removed from the syslog message prior to its passage through the one-way data link 211, the syslog receiver 216-218 on the destination platform 219-221 may not be aware of the originator of the syslog message on the send side. However, since the special syslog daemon in the UDP port 209 on the send node 208 inserted the portion of the IP information, such as IP address or hostname which identifies the original syslog sender 204-206, in the body of the syslog message before the IP information was removed from the message, a network monitoring system or administrator for the destination platforms 219-221 may be able to trace the originator of the syslog message, the syslog sender 204-206, by examining the this portion of the IP information embedded in the syslog message body.
As illustrated in the above example, the present invention allows syslog messages which are transferred across a one-way data link to include the portion of the IP information necessary to identify the syslog senders even when the IP information is removed from the syslog messages prior to crossing the one-way data link. In addition to the examples illustrated above, the present invention is applicable to other possible UDP-based one-way transfer systems based on the use of a one-way link. For example, in a UDP multicast configuration involving a multiplexer and a demultiplexer with a plurality of UDP sources and destinations, a special syslog daemon described above may be implemented in one or more of the ports associated with the multiplexer. Under the present invention, the combination of syslog and one-way data transfer applications based on the use of a one-way data link may further enhance the network security.
While this invention has been described in conjunction with exemplary embodiments outlined above and illustrated in the drawings, it is evident that many alternatives, modifications and variations will be apparent to those skilled in the art. Accordingly, the exemplary embodiments of the invention, as set forth above, are intended to be illustrative, not limiting, and the spirit and scope of the present invention is to be construed broadly and limited only by the appended claims, and not by the foregoing specification.
Holmes, Andrew, Mraz, Ronald, Hope, James
| Patent | Priority | Assignee | Title |
| 10142289, | Mar 27 2018 | OWL Cyber Defense Solutions, LLC | Secure interface for a mobile communications device |
| 10171422, | Apr 14 2016 | OWL Cyber Defense Solutions, LLC | Dynamically configurable packet filter |
| 10355960, | Sep 08 2017 | Raytheon Applied Signal Technology, Inc. | Data transfer system including one-way datalink and continuous data synchronization |
| 10462103, | Mar 07 2014 | Airbus Operations SAS; Airbus Defence and Space GmbH | High assurance security gateway interconnecting different domains |
| 10673928, | Feb 29 2016 | Red Hat, Inc. | Syslog advertisements |
| 10990737, | Apr 23 2019 | OWL Cyber Defense Solutions, LLC | Secure one-way network gateway |
| 10999259, | Oct 05 2016 | ShortSave, Inc. | Single point of custody secure data exchange |
| 11368437, | Jul 05 2017 | SIEMENS MOBILITY GMBH | Method and apparatus for repercussion-free unidirectional transfer of data to a remote application server |
| 9130906, | May 23 2014 | United States of America as represented by the Secretary of the Navy | Method and apparatus for automated secure one-way data transmission |
| 9380064, | Jul 12 2013 | OWL Cyber Defense Solutions, LLC | System and method for improving the resiliency of websites and web services |
| 9436825, | Mar 25 2014 | OWL Cyber Defense Solutions, LLC | System and method for integrity assurance of partial data |
| 9749011, | Sep 11 2014 | Electronics and Telecommunications Research Institute | Physical unidirectional communication apparatus and method |
| 9787531, | Oct 11 2013 | KYNDRYL, INC | Automatic notification of isolation |
| 9853918, | Mar 24 2015 | OWL Cyber Defense Solutions, LLC | One-way network interface |
| 9880869, | Jan 13 2015 | OWL Cyber Defense Solutions, LLC | Single computer-based virtual cross-domain solutions |
| Patent | Priority | Assignee | Title |
| 4672601, | Dec 06 1984 | Motorola, Inc. | Duplex interconnect/dispatch trunked radio system |
| 5282200, | Dec 07 1992 | Alcatel Network Systems, Inc. | Ring network overhead handling method |
| 5703562, | Nov 20 1996 | Sandia National Laboratories | Method for transferring data from an unsecured computer to a secured computer |
| 5769527, | Jul 17 1986 | VARI-LITE, INC | Computer controlled lighting system with distributed control resources |
| 5983332, | Jul 01 1996 | Oracle America, Inc | Asynchronous transfer mode (ATM) segmentation and reassembly unit virtual address translation unit architecture |
| 6108787, | Mar 31 1995 | The Commonwealth of Australia | Method and means for interconnecting different security level networks |
| 6262993, | Nov 03 1997 | AMADATA, INC | Computer and peripheral networking device permitting the practical use of buffer insertion-based networks while communicating over unshielded twisted pair conductive media |
| 6269398, | Aug 20 1993 | AVAYA Inc | Method and system for monitoring remote routers in networks for available protocols and providing a graphical representation of information received from the routers |
| 6415329, | Mar 06 1998 | Massachusetts Institute of Technology | Method and apparatus for improving efficiency of TCP/IP protocol over high delay-bandwidth network |
| 6546422, | Jul 02 1998 | NEC Corporation | Caching of network contents by packet relays that determine cache priority utilizing contents access frequency and metrics in their routing tables representing relaying path lengths |
| 6665268, | Aug 31 1999 | Fujitsu Limited | Load testing apparatus, computer readable recording medium for recording load test program, fault diagnosis apparatus, and computer readable recording medium for recording fault diagnosis program |
| 6728213, | Mar 23 2001 | GLOBALFOUNDRIES U S INC | Selective admission control in a network device |
| 6731625, | Feb 10 1997 | Verizon Patent and Licensing Inc | System, method and article of manufacture for a call back architecture in a hybrid network with support for internet telephony |
| 6792432, | Mar 31 1998 | SYBASE, Inc. | Database system with methods providing high-concurrency access in B-Tree structures |
| 6807166, | Aug 05 1998 | GOOGLE LLC | Gateway for internet telephone |
| 6954790, | Dec 05 2000 | LONGHORN HD LLC | Network-based mobile workgroup system |
| 6988148, | Jan 19 2001 | Cisco Technology, Inc | IP pool management utilizing an IP pool MIB |
| 7007301, | Jun 12 2000 | Hewlett Packard Enterprise Development LP | Computer architecture for an intrusion detection system |
| 7016085, | Aug 31 2001 | HEWLETT-PACKARD DEVELOPMENT COMPANY L P | Remote proofing service adaptively isolated from the internet |
| 7020697, | Oct 01 1999 | Accenture Global Services Limited | Architectures for netcentric computing systems |
| 7095739, | Nov 25 2003 | Cisco Technology, Inc. | Reliable multicast communication |
| 7134141, | Jun 12 2000 | HEWLETT-PACKARD DEVELOPMENT COMPANY L P | System and method for host and network based intrusion detection and response |
| 7167915, | Oct 18 2002 | International Business Machines Corporation | Monitoring storage resources used by computer applications distributed across a network |
| 7246156, | Jun 09 2003 | IDEFENDER, LLC | Method and computer program product for monitoring an industrial network |
| 7260833, | Jul 18 2003 | The United States of America as represented by the Secretary of the Navy | One-way network transmission interface unit |
| 7339929, | Aug 23 2002 | CORRIGENT CORPORATION | Virtual private LAN service using a multicast protocol |
| 7356581, | Apr 18 2001 | Hitachi, Ltd. | Storage network switch |
| 7370025, | Dec 17 2002 | Veritas Technologies LLC | System and method for providing access to replicated data |
| 7389323, | Jan 23 2002 | Murata Kikai Kabushiki Kaisha | Communication device and program |
| 7440424, | Jun 19 2003 | Samsung Electronics Co., Ltd. | Apparatus and method for detecting duplicate IP addresses in mobile ad hoc network environment |
| 7454366, | Nov 19 2001 | Sony Corporation | Product management system and method |
| 7512116, | Aug 05 1998 | GOOGLE LLC | Gateway for internet telephone |
| 7529943, | Apr 16 2003 | Juniper Networks, Inc.; Juniper Networks, Inc | Systems and methods for end-to-end resource reservation authentication |
| 20020003640, | |||
| 20020118671, | |||
| 20020120578, | |||
| 20020129106, | |||
| 20020133586, | |||
| 20030028650, | |||
| 20030051026, | |||
| 20030058810, | |||
| 20030103089, | |||
| 20030119568, | |||
| 20030172145, | |||
| 20030195932, | |||
| 20030200321, | |||
| 20040073658, | |||
| 20040103199, | |||
| 20040236547, | |||
| 20040236874, | |||
| 20040260733, | |||
| 20050005154, | |||
| 20050033990, | |||
| 20050037787, | |||
| 20050091396, | |||
| 20050201373, | |||
| 20050216421, | |||
| 20050259587, | |||
| 20060018466, | |||
| 20060031481, | |||
| 20060059253, | |||
| 20060080441, | |||
| 20060114566, | |||
| 20060153092, | |||
| 20060153110, | |||
| 20060161395, | |||
| 20060173850, | |||
| 20060190592, | |||
| 20060209719, | |||
| 20060288286, | |||
| 20070223158, | |||
| 20090024612, | |||
| WO2004105297, |
| Executed on | Assignor | Assignee | Conveyance | Frame | Reel | Doc |
| Apr 19 2007 | Owl Computing Technologies, Inc. | (assignment on the face of the patent) | / | |||
| Jun 26 2007 | HOLMES, ANDREW | OWL COMPUTING TECHNOLOGIES, INC | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 019537 | /0424 | |
| Jun 27 2007 | HOPE, JAMES | OWL COMPUTING TECHNOLOGIES, INC | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 019537 | /0424 | |
| Jun 29 2007 | MRAZ, RONALD | OWL COMPUTING TECHNOLOGIES, INC | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 019537 | /0424 | |
| Jan 31 2017 | OWL COMPUTING TECHNOLOGIES, INC | BANK OF AMERICA, N A | SECURITY INTEREST SEE DOCUMENT FOR DETAILS | 041136 | /0223 | |
| Feb 03 2017 | OWL COMPUTING TECHNOLOGIES, INC | Owl Computing Technologies, LLC | CORRECTIVE ASSIGNMENT TO CORRECT TO REMOVE THIS DOCUMENT SERVES AS AN OATH DECLARATION 37 CFR 1 63 FROM THE COVER SHEET PREVIOUSLY RECORDED AT REEL: 041765 FRAME: 0034 ASSIGNOR S HEREBY CONFIRMS THE MERGER EFFECTIVE DATE 02 03 2017 | 042344 | /0033 | |
| Feb 03 2017 | OWL COMPUTING TECHNOLOGIES, INC | Owl Computing Technologies, LLC | MERGER SEE DOCUMENT FOR DETAILS | 041765 | /0034 | |
| Jun 02 2017 | Owl Computing Technologies, LLC | OWL Cyber Defense Solutions, LLC | CHANGE OF NAME SEE DOCUMENT FOR DETAILS | 042902 | /0582 | |
| Jul 23 2020 | OWL Cyber Defense Solutions, LLC | OWL Cyber Defense Solutions, LLC | MERGER AND CHANGE OF NAME SEE DOCUMENT FOR DETAILS | 060978 | /0964 | |
| Jul 23 2020 | Tresys Technology, LLC | OWL Cyber Defense Solutions, LLC | MERGER AND CHANGE OF NAME SEE DOCUMENT FOR DETAILS | 060978 | /0964 |
| Date | Maintenance Fee Events |
| Oct 08 2014 | M2551: Payment of Maintenance Fee, 4th Yr, Small Entity. |
| Jun 05 2018 | M2552: Payment of Maintenance Fee, 8th Yr, Small Entity. |
| Dec 26 2022 | REM: Maintenance Fee Reminder Mailed. |
| May 03 2023 | BIG: Entity status set to Undiscounted (note the period is included in the code). |
| May 03 2023 | M1553: Payment of Maintenance Fee, 12th Year, Large Entity. |
| May 03 2023 | M1556: 11.5 yr surcharge- late pmt w/in 6 mo, Large Entity. |
| Date | Maintenance Schedule |
| May 10 2014 | 4 years fee payment window open |
| Nov 10 2014 | 6 months grace period start (w surcharge) |
| May 10 2015 | patent expiry (for year 4) |
| May 10 2017 | 2 years to revive unintentionally abandoned end. (for year 4) |
| May 10 2018 | 8 years fee payment window open |
| Nov 10 2018 | 6 months grace period start (w surcharge) |
| May 10 2019 | patent expiry (for year 8) |
| May 10 2021 | 2 years to revive unintentionally abandoned end. (for year 8) |
| May 10 2022 | 12 years fee payment window open |
| Nov 10 2022 | 6 months grace period start (w surcharge) |
| May 10 2023 | patent expiry (for year 12) |
| May 10 2025 | 2 years to revive unintentionally abandoned end. (for year 12) |